基于行为的智能手机权限授予机制

BEHAVIOUR-BASED PERMISSION GRANTING POLICY FOR SMART PHONE

下载PDF

导出

摘要随着智能手机的发展,软件的恶意行为在移动平台也呈现爆发性增长。面对正常行为和恶意行为混杂的情况,现有的权限机制缺乏相适应的粒度以及足够的信息区分相同程序中的不同行为。以"程序行为"为粒度对应用程序进行授权,并辅助以行为的上下文作为判定依据可以有效地分离程序正常行为与恶意行为。基于上述概念设计并实现Event Chain原型系统,具有追踪、建立程序行为及其上下文的能力。实验表明,该系统能够检测到Bg Serv、Fake Player等5个病毒家族的89个恶意软件中的恶意行为,并且具有低于10%的性能开销。 With the development of smart phone,malicious behaviours in applications are also growing explosively on mobile platforms.However,existing permission schemes lack the adapted granularity and sufficient information to differentiate different behaviours from same application when facing the situation of malicious behaviours mixed in the normal ones. It is able to effectively sever the normal and malicious behaviours in application by taking the＂applications behaviour＂as the granularity to authorise the application assisted by using the context of the behaviour as discriminant basis. In this paper,we design and implement a prototype system of EventChain based on the above concept. It has the capability of tracking,as well as setting up the behaviours of application and its corresponding context. It is shown by experiments that the Event Chain system can detect the malicious behaviours in 89 malware from five malware families including BgServ,FakePlayer,etc.,and has the performance overhead less than 10%.

作者谭丞夏虞斌臧斌宇

机构地区复旦大学软件学院上海交通大学分布式与并行系统实验室

出处《计算机应用与软件》 CSCD 2015年第8期261-265,287,共6页 Computer Applications and Software

基金国家自然科学基金项目(61303011)

关键词手机安全权限管理 ANDROID Mobile security Permission management Android

分类号 TP391 [自动化与计算机技术—计算机应用技术]

引文网络
相关文献

参考文献16

14 out of 5 smartphones use Android: Survey [ EB/OL]. http://www.hindustantimes. com/business-news/android-smartphones-dominate-win-dows-gains-survey/articlel -1150575. aspx.
2CNBC. Us security agencies say android mobile main target for mal-ware [R]. 2013.
3CaffeineBench [ OL]. http://www. benchmarkhq. ru/cm30/info. ht-ml.
4Zhou Y, Jiang X. Dissecting android malware : Characterization and e-volution [ C ] //Security and Privacy ( SP),2012 IEEE Symposium on,IEEE, 2012: 95-109.
5Felt A P, Finifter M, Chin E,et al. A survey of mobile malware in thewild[ C]//Pn)ceedings of the 1st ACM workshop on Security and pri-vacy in smartphones and mobile devices. ACM, 2011 : 3 - 14.
6Nauman M , Khan S, Zhang X. Apex : extending android permissionmodel and enforcement with user-defined runtime constraints [ C ]//Proceedings of the 5th ACM Symposium on Information,(Computer andCommunications Security. ACM , 2010 : 328 - 332.
7Enck W, Gilbert P, Chun B G, et al. TairitDroid : An Inforniation-Flow Tracking System for Realtime Privacy Monitoring on Smartphones[C]. OSDI. 2010, 10: 255 -270.
8Yang Z, Yang M, Zhang Y, et al. Appintent : Analyzing sensitive* datatransmission in android for privacy leakage detection[ C ] //Proceedingsof the 2013 ACM S1GSAC conference on computer & communicationssecurity. ACM, 2013: 1043 -1054.
9Felt A P, Ha E, Egelman S, et al. Android pennissinns: User atten- tion, comprehension, and behavior [ C ]//Proceedings of the Eighth Symposium on Usable Privacy and Security. ACM, 2012: 3.
10Ravindranath L, Padhye J, Agarwal S, et al. Applnsi^ht : mobile appperformance monitoring in the wild[ C]//Proceeding.s of the 10th USE-NIX conference on Operating Systems Design and Implementation.USENIX Association, 2012: 107-120.

1谢强.一种动态安全权限授予机制的实现[J].程序员,2006(5):106-108.
2卢宏才,张军平.云计算环境下任务行为访问控制模型研究[J].无线电工程,2016,46(11):17-21. 被引量：3
3王莹,张永胜,张永强,杨晶,孙翠翠.结合信任的Web Services属性访问控制模型[J].计算机工程与设计,2011,32(8):2575-2579. 被引量：1
4李志平,葛宗昌.人事管理系统（RGXT　V_（4．0））数据库分离程序[J].中国税务,1995(2):33-35.
5刘从湘.FX系列可编程控制器分离程序的编制[J].江汉石油科技,2005,15(1):43-46.
6章程.用于支持契约的AOP代码生成器的研究与实现[J].微型电脑应用,2007,23(1):1-4.
7知名设备制造商阿法拉伐与贝加莱进行技术合作[J].国内外机电一体化技术,2010,13(1):4-4.
8李俊桥.浅谈天津机场基于区域导航的进离场分离程序[J].电脑知识与技术,2014,10(5X):3668-3670. 被引量：2

计算机应用与软件

2015年第8期

浏览历史

内容加载中请稍等...

基于行为的智能手机权限授予机制

参考文献16

相关作者

相关机构

相关主题

浏览历史